INTELLIGENCE

Finished Intelligence:

Access to analytical reports produced by our intelligence analysts. Reports cover a wide spectrum of illicit underground activity, including crimeware, fraud, emerging malware, violent extremism, and physical threats.


COMMUNITIES

Forums:

Access to signal-rich discussions from illicit threat actor communities. Supplement internal data with targeted data from highly curated sources.

Chat Services:

Access to around-the-clock conversations within threat-actor channels to monitor and gain insights across threat-actor communities.

Paste Sites:

Enables access to openly shared research, data leaks, and other plain-text files frequently used by both anonymous sources and threat actors to share malicious activity, providing a broader view into open web data.

Blogs:

Provides a broader view into open web data by providing online sources of news and information related to threat actors and collectives, allowing users to monitor activity in malicious communities more comprehensively, as well as risks impacting the organization or brand.

4chan & 8chan:

Provides access to the anonymous 4chan and 8chan message boards, enabling users to monitor malicious content and discussions ranging from hacktivism to physical threats.

Social News Aggregation & Discussion Sites:

Collections from social news aggregation and discussion websites leveraged by both open and deep & dark web communities where illicit actors discuss malicious activities, including malware developments, cyber threats, and physical threats


TECHNICAL DATA

Technical Indicators:

Enables users access to indicators of compromise (IOCs) and technical data across Flashpoint datasets and those included in Finished Intelligence Reports, allowing for seamless integration into users’ workflows and automated tools.

Risk Intelligence Observables (RIOs):

Flashpoint leverages its unique access to underground communities to collect and deliver a near real-time stream of cyber observables that can identify illicit activity from inside forums and file-sharing communities focused on cybercrime, hacking, fraud, and extremism/terrorism. These high-fidelity observables include IP address, location (city / country), hosting provider, timestamp, and user-agent string.

CVEs:

Access to the latest CVEs within Flashpoint collection, including access to MITRE and NVD data, as well as CVEs discussed by threat actors as observed by Flashpoint Intelligence Analysts.


COMPROMISED ASSETS

Compromised Credentials Monitoring - Enterprise (CCM - E):

Enables organizations to search and monitor Flashpoint’s unique collections for compromised enterprise accounts and passwords in order to flag accounts, reset employee passwords, and restrict permissions to prevent actors from accessing confidential or personally identifiable information (PII).


SHOPS

Card Shops:

Collection of stolen credit card data found in illicit high-end credit card shops, compromised from a variety of operations - including dumps from Point-of-Sale (POS) compromises, or credit cards from Card Not Present transactions. Users are provided credit card data including BIN numbers and various card details including country location and expiration dates.

Account Shops:

Customers can identify their organization's compromised accounts found for sale in illicit account shops, further providing an ability to reduce the risk of employees' or customers' login details being used in credential stuffing attacks.

Marketplaces:

Access to top-tier marketplaces, where threat actors buy and sell items such as stolen credentials and personally identifiable information (PII).


SOCIAL MEDIA

Access to interactive social media platforms to view open source information, discussions, chatter, opinions and other forms of virtual expressions that pose potential risks to the enterprise.


*Flashpoint common sources include but not limited to, Twitter, GitHub, GitLab, Shodan, VirusTotal, Telegram, Discourse, and more

Did this answer your question?